Thanks to over a hundred updates, the Coreflood botnet survived and evolved for 10 years. It is estimated to have stolen up to $100M USD. (Source: V3)

The hackers involved are suspected of being located in Russia. It is very possible that they will get away with their massive loot. (Source: Richard Kiwi)

A complaint has been issued against 13 foreign nationals, but there are no promises they won't get away with the loot

It took ten years, but the U.S. has finally killed [press release and court
documents] a notorious botnet spread by an ever-evolving virus known as
"Coreflood". The botnet had been active since 2001, slowly building up an
arsenal of 2 million computers worldwide with the aid of helper malware. It is
responsible for stealing an estimated $100M USD worldwide from businesses and
individuals.

A botnet is a group of infected
machines that can be coordinated to steal information from the users
of the machines. They can also be controlled to send malicious files,
spam, phishing emails, or other unsavory content.

The creators of Coreflood took special care in honing their attack package.
What began as a trojan received over 100 updates, eventually gaining
viral characteristics and the ability to steal passwords and credit card
information.

The creators of the botnet used it as a vehicle to harvest information
pertaining to bank accounts. Using that information they initiated
thousands of fraudulent banking and wire transactions.
A complaint filed in the U.S. District Court for the District of
Connecticut reveals details of some of the losses -- a real estate company
in Michigan lost $115,771 USD, a South Carolina law firm lost $78,421 USD, and
a Tennessee defense contractor lost $241,866 USD.

It is believed that the botnet was run by at least 13 individuals operating out
of Russia. States Alan Paller, director of research at the SANS
Institute, an anti-cybercrime nonprofit group, in an interview with Reuters, "We're
pretty sure a Russian crime group was behind it."

The feds' long battle with Coreflood and the cybercriminals finally turned when
agents seized servers that were spreading the botnet. Describes the feds,
"The seizure of the Coreflood servers and Internet domain names is
expected to prevent criminals from using Coreflood or computers infected by
Coreflood for their nefarious purposes."

The final blow against Coreflood came this month when agents completed the
reverse engineering of the virus and instructed the infected machines to stop
sending stolen data and shut down.

The feds' ability to kill Coreflood was the result of lessons learned in past
incidents. In March, following a suit by Microsoft Corp. (MSFT), federal agents raided a
hosting service, seizing servers that were spreading the Rustock spammer
botnet. Without its backbone, Rustock essentially died, taking
approximately half of U.S. spam with it.

According to court documents, the decision to reverse engineer the virus and
shut down the infected machines was inspired by a technique used by Dutch police
in a separate case. It was the first time such a technique had been
employed in the U.S.

The Connecticut court's civil complaint was filed by the U.S. DOJ against the
13 foreign individuals believed to be running the botnet. A criminal
investigation is ongoing, and charges may follow.

Unfortunately, the cybercriminals who masterminded the scheme appear to be
outside U.S. jurisdiction -- likely in Russia. Given the Russian government's
questionable resolve on cybersecurity, it's possible that those
involved will get away with the lot.
